EU-U.S. Data Sharing Deal Can’t Be Trusted, Top Court Aide Says

(Bloomberg) -- U.S. tech giants such as Facebook Inc. risk greater scrutiny from European Union privacy watchdogs after an adviser to the bloc’s highest court said a data transfer accord struck between the U.S. and EU 15 years ago is illegal.

The EU-U.S. Safe Harbor decision of 2000 “is invalid,” Advocate General Yves Bot of the EU Court of Justice said in a non-binding opinion Wednesday. The Luxembourg-based EU court follows such advice in a majority of cases.

The EU’s top court has been weighing the validity of the data-sharing accord following revelations by former National Security Agency contractor Edward Snowden about U.S. government surveillance activities and mass data collection. An Irish judge last year called on the EU’s tribunal to decide whether the deal still protects privacy and whether national regulators have the power to suspend illegal data flows from the EU to the U.S.

National data privacy watchdogs do have the power, “where appropriate,” to suspend the transfer of such data to servers located in the U.S., including in the case concerning the data of European Facebook users, the adviser said.

“The existence” of a European Commission “decision finding that a third country ensures an adequate level of protection of the personal data transferred cannot eliminate or even reduce the national supervisory authorities’ powers,” Bot said.

Austrian privacy activist Max Schrems triggered the case with a complaint he filed against Facebook with the privacy watchdog in Ireland, where the U.S. social network company has its European base. He alleged that Facebook’s Irish unit illegally handed over data to U.S. spies.

Facebook, like other tech giants Google Inc. and Yahoo! Inc., have been reeling from the effects of the Snowden revelations in 2013. The companies have been trying to assure their users or customers that their products are secure and that they don’t willingly turn over data to the government.

The EU has been in negotiations with the U.S. for two years in a bid to address privacy concerns over too lax sharing of people’s personal data.